package com.lhl.flextes.config;


import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class WebSecurityConfig {

	@Bean
	SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
		/* 开启跨域共享,跨域伪造请求限制=无效 */
		http.cors().and().csrf().disable();
		/* rest 无状态 无session */
		//http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);


		//表单登录无效
		http.formLogin().disable();

		/* 开启授权认证 */
		http.authorizeRequests()
				//.antMatchers(PubUriConstant.PERMITALL.LOGINURL).permitAll()
				//唯一的加密入参接口
				//.antMatchers(PubUriConstant.PERMITALL.APIURL).permitAll()
				.anyRequest().authenticated();

		/* 配置token验证过滤器 */


		return http.build();
	}


//	@Bean
//	public WebSecurityCustomizer webSecurityCustomizer() {
//		// web的
//		return (web) -> web.ignoring().antMatchers("/ignore1", "/ignore2");
//	}

}